AMENDMENTS TO THE CLAIMS: 



Please amend the claims as follows: 



1 . (Currently Amended) A method for associating computer network identifications 
with network policies, said method comprising the steps of: 

analyzing a network interface associated with a client computer using a 
plurality of network detectors, the detectors outputting a set of netspecs, 
each netspec comprising a first token identifying a detector used for the 
analysis and a second token identifying the analyzed network interface; 

sorting the set of netspecs in a priority order based at least in part on the 
reliability of the detectors that output the netspecs; 

associating the network identifications made by the set of netspecs with 

locations based at least in part on the priority order of the set of netspecs ; 
and 

feeding associated network identification/location pairs to a network interface 
module to implement desired network policies. 

2. (Original) The method of claim 1 wherein the network interface module is a 
module from the group of modules consisting of a firewall, a router, a sniffer, an intrusion 
detection module, a behavior blocking module, and a network communications module. 

3. (Original) The method of claim 1 wherein the network interface module is a 
firewall, and a user of the client computer adjusts firewall settings to set network policies 
based upon location. 

4. (Canceled) 
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5. (Canceled) 

6. (Currently Amended) The method of claim [[5]] 1 wherein a user of the client 
computer prioritizes the set of netspecs via a prioritization module the priority order is set by 
a user of the client computer . 

7. (Previously Presented) The method of claim 1 wherein the step of associating the 
network identifications with locations comprises using a network probe to look up locations 
in a netspec database. 

8. (Original) The method of claim 7 wherein a user of the client computer modifies 
the netspec database via a location setting module. 

9. (Previously Presented) The method of claim 1 wherein the step of feeding the 
associated network identification/location pairs to a network interface module comprises 
using a policy guide to feed the network identification/location pairs to the network interface 
module on a real-time basis. 

10. (Currently Amended) Apparatus for associating computer network 
identifications with network policies, said apparatus comprising: 

means for analyzing a network interface associated with a client computer 
using a plurality of network detectors, the detectors outputting a set of 
netspecs, each netspec comprising a first token identifying a detector used 
for the analysis and a second token identifying the analyzed network 
interface; 

coupled to the analyzing means, means for sorting the set of netspecs in a 
priority order based at least in part on the reliability of the detectors that 
output the netspecs; 
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coupled to the analyzing sorting means, means for associating the network 
identifications made by the set of netspecs with locations based at least in 
part on the priority order of the set of netspecs ; and 

coupled to the associating means, means for feeding associated network 
identification/location pairs to a network interface module to implement 
desired network policies. 

1 1 . (Original) The apparatus of claim 10 wherein the network interface module is a 
module from the group of modules consisting of a firewall, a router, a sniffer, an intrusion 
detection module, a behavior blocking module, and a network communications module. 

12. (Original) The apparatus of claim 10 wherein the network interface module is a 
firewall, and the network policies are implemented on a packet-by-packet basis. 

13. (Original) The apparatus of claim 12 wherein locations are correlated with 
firewall settings on a distributed basis within the firewall. 

14. (Canceled) 

15. (Canceled) 

16. (Previously Presented) The apparatus of claim 10 wherein the associating means 
further comprises: 

a netspec database associating the netspecs with the locations. 

17. (Previously Presented) The apparatus of claim 16 further comprising, coupled to 
the netspec database, a location setting module adapted to enable a user of the client 
computer to associate the locations with the netspecs. 

18. (Previously Presented) The apparatus of claim 10 wherein the feeding means 
comprises: 
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a policy guide for associating the network identifications with the locations; 
wherein 

the network interface module implements the network policies based upon the 
locations fed to the network interface module by the policy guide. 

19. (Previously Presented) The apparatus of claim 10 further comprising, coupled to 
the network interface module, a user interface adapted to enable a user of the client computer 
to associate the locations with the network policies. 

20. (Canceled) 

21. (Currently Amended) At least one computer-readable medium containing 
computer program instructions for associating computer network identifications with 
network policies, said computer program instructions performing the steps of: 

analyzing a network interface associated with a client computer using a 
plurality of network detectors, the detectors outputting a set of netspecs, 
each netspec comprising a first token identifying a detector used for the 
analysis and a second token identifying the analyzed network interface; 

sorting the set of netspecs in a priority order based at least in part on the 
reliability of the detectors that output the netspecs; 

associating the network identifications made by the set of netspecs with 

locations based at least in part on the priority order of the set of netspecs ; 
and 

feeding associated network identification/location pairs to a network interface 
module to implement desired network policies. 
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22. (Currently Amended) The method of claim 1, wherein the client computer has a 
plurality of network interfaces and further comprising: 

analyzing each of the plurality of network interfaces using the plurality of 

network detectors; and 
analyzing the netspecs for the plurality of network interfaces output by the 

plurality of network detectors to identify a set of unique network 

interfaces; 

wherein interfaces in the set of unique network interfaces are associated with 
locations responsive to the set of netspecs priority order . 

23. (New) The method of claim 1, further comprising: 

associating the network interface with a location associated with a highest 
priority netspec in the set. 
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